General

  • Target

    c394c85dde339930fef0b8f82e5f1fcf41b4022165eacc8567a9c5284f8824c0

  • Size

    649KB

  • Sample

    230910-q1d9xshd98

  • MD5

    e187c6f471e9ee95ecad61def25f66b2

  • SHA1

    0f37ad110ed04682a7d55a7fc9a43ac1ea95751d

  • SHA256

    c394c85dde339930fef0b8f82e5f1fcf41b4022165eacc8567a9c5284f8824c0

  • SHA512

    3b8ccd4877971aa17329673e71c10ae33e75c53b9f0d81b3163e7fbfab127a39048a14e0124a174f1c5ee19507d9a503de8a462acd8a3f9e1ff3e6ca76b37bd7

  • SSDEEP

    12288:mMrmy90pMeNpRAemHyk/hXQFoBRqeWcnO3iboHlFDXGf7TcKk3B1Ul:Ayf29mSk/hXQoB0eWcOyboDOXcIl

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      c394c85dde339930fef0b8f82e5f1fcf41b4022165eacc8567a9c5284f8824c0

    • Size

      649KB

    • MD5

      e187c6f471e9ee95ecad61def25f66b2

    • SHA1

      0f37ad110ed04682a7d55a7fc9a43ac1ea95751d

    • SHA256

      c394c85dde339930fef0b8f82e5f1fcf41b4022165eacc8567a9c5284f8824c0

    • SHA512

      3b8ccd4877971aa17329673e71c10ae33e75c53b9f0d81b3163e7fbfab127a39048a14e0124a174f1c5ee19507d9a503de8a462acd8a3f9e1ff3e6ca76b37bd7

    • SSDEEP

      12288:mMrmy90pMeNpRAemHyk/hXQFoBRqeWcnO3iboHlFDXGf7TcKk3B1Ul:Ayf29mSk/hXQoB0eWcOyboDOXcIl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application
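The extracted config (C2 `77.91.124.82:19071`), the sample hash, and the "Adds Run key to start application" signature above are the pieces a detection engineer would turn into host telemetry rules. The following is an added example, not part of the tria.ge report or of any tria.ge tooling: it runs three simple checks (known-hash process creation, outbound connection to the reported C2, and a value written under a Run/RunOnce key) over a handful of constructed, Sysmon-style log records in a `Key=Value|Key=Value` format invented here for the example. Event IDs 1, 3 and 13 and the field names (`Image`, `Hashes`, `DestinationIp`, `DestinationPort`, `TargetObject`, `Details`) follow Sysmon's naming; the paths, SID and the unrelated "benign" records are made up.

```python
"""Detection checks for the indicators in this report, run over constructed
Sysmon-style records. Added example; not code from tria.ge or the report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the report.
C2_IP = "77.91.124.82"
C2_PORT = 19071
SAMPLE_SHA256 = "c394c85dde339930fef0b8f82e5f1fcf41b4022165eacc8567a9c5284f8824c0"

# Registry paths behind the "Adds Run key to start application" signature.
# Matches Run and RunOnce under any hive prefix (HKU\<sid>\..., HKLM\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)


@dataclass
class Hit:
    event_id: int
    rule: str
    detail: str


def parse_record(line: str) -> dict[str, str]:
    """Parse the constructed 'Key=Value|Key=Value' record format used below.
    Only the first '=' splits a field, so 'Hashes=SHA256=...' keeps its value."""
    fields: dict[str, str] = {}
    for part in line.strip().split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def evaluate(line: str) -> list[Hit]:
    """Return every rule hit for a single record (empty list if benign)."""
    ev = parse_record(line)
    try:
        event_id = int(ev.get("EventID", "0"))
    except ValueError:
        return []
    hits: list[Hit] = []
    if event_id == 1:  # process creation: match the report's SHA256
        hashes = ev.get("Hashes", "").upper()
        if f"SHA256={SAMPLE_SHA256.upper()}" in hashes:
            hits.append(Hit(1, "known_sample_hash", ev.get("Image", "")))
    elif event_id == 3:  # network connection: match the extracted C2 ip:port
        if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == str(C2_PORT):
            hits.append(Hit(3, "redline_c2_connection",
                            f"{ev.get('Image', '')} -> {C2_IP}:{C2_PORT}"))
    elif event_id == 13:  # registry value set: Run/RunOnce persistence
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(Hit(13, "run_key_persistence",
                            f"{target} = {ev.get('Details', '')}"))
    return hits


def scan(lines: list[str]) -> list[Hit]:
    """Evaluate every record and collect hits in log order."""
    return [hit for line in lines for hit in evaluate(line)]


# Constructed sample records (not real telemetry). The SID, paths and the
# two benign records are invented; the hash, IP and port come from the report.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"
    "|Hashes=SHA256=C394C85DDE339930FEF0B8F82E5F1FCF41B4022165EACC8567A9C5284F8824C0",
    "EventID=3|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"
    "|DestinationIp=77.91.124.82|DestinationPort=19071|Protocol=tcp",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe|EventType=SetValue"
    "|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    # Benign: browser HTTPS connection to a documentation-range address.
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=203.0.113.10|DestinationPort=443|Protocol=tcp",
    # Benign: Explorer writing a non-persistence registry value.
    "EventID=13|Image=C:\\Windows\\explorer.exe|EventType=SetValue"
    "|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details=DWORD (0x00000001)",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"[EventID {hit.event_id}] {hit.rule}: {hit.detail}")
```

The three indicator classes have very different shelf lives: the SHA256 only catches this exact build, the C2 `ip:port` pair is typically rotated by the operator and should be treated as a short-lived indicator, while the Run-key rule is generic persistence detection that will also fire on legitimate installers and needs allow-listing of the writing `Image` in a real deployment. The `auth_value` and botnet name (`virad`) are config-level fields that only appear after unpacking or memory extraction, so they belong in a config-extraction pipeline rather than in endpoint telemetry rules like these.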

MITRE ATT&CK Enterprise v15

Tasks